...

Field               Description
DATE                Event date, in the format YYYY-MM-DD
TIME                Event time, in the format HH:MM:SS
SYSTEM              The source system. For supported AWS log types where source
                    system information is not applicable or not available, this
                    is classified as AWS Internal. All other (unsupported) types
                    are classified as UNKNOWN.
TABLE               For supported types: AWS<ServiceName>Log. All other
                    (unsupported) types are classified as AWSGenericLog.
COLLECTIONDATETIME  Snare Central's local date and time of the actual log
                    collection from the AWS Kinesis Data Stream, in RFC3339Nano
                    format.
CWLDATETIME         AWS CloudWatch Logs' timestamp of when it received the event
                    log from the other AWS service, in RFC3339Nano format.
DATETIME            The timestamp of the event log, in RFC3339Nano format.
SNAREDATAMAP        All unclassified fields in the log are pushed into
                    SNAREDATAMAP.
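As an added example (not Snare's own code), the following Python takes one CloudWatch Logs subscription record as it is delivered through a Kinesis data stream and maps each log event onto the field set above, including the AWS Internal / UNKNOWN / AWSGenericLog fallbacks and the RFC3339Nano timestamps. The log-group to table mapping, the use of a "source" key for SYSTEM and a "time" key for the event's own timestamp are assumptions made for the example; the sample record is constructed.

```python
import base64
import gzip
import json
from datetime import datetime, timezone

# Assumed log-group -> Snare table mapping (example only; the page gives no real rules).
KNOWN_GROUPS = {"/aws/vpc/flowlogs": "AWSVPCFlowLog"}
CLASSIFIED = {"source", "time"}  # message keys consumed by named columns (assumed)

def make_record(payload):
    """Pack a subscription payload the way it arrives in a Kinesis data blob."""
    return base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()

def rfc3339nano(epoch_ms):
    """Epoch milliseconds -> RFC3339Nano (Go style: trailing fraction zeros trimmed)."""
    secs, ms = divmod(int(epoch_ms), 1000)
    base = datetime.fromtimestamp(secs, timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    frac = f"{ms * 1_000_000:09d}".rstrip("0")
    return f"{base}.{frac}Z" if frac else f"{base}Z"

def normalise(record_b64, collected_ms):
    """Map every log event in one subscription record onto the Snare field set."""
    sub = json.loads(gzip.decompress(base64.b64decode(record_b64)))
    table = KNOWN_GROUPS.get(sub["logGroup"], "AWSGenericLog")
    rows = []
    for ev in sub["logEvents"]:
        try:
            body = json.loads(ev["message"])
        except ValueError:
            body = None
        if not isinstance(body, dict):
            body = {"message": ev["message"]}  # non-JSON message kept whole, unclassified
        cwl = rfc3339nano(ev["timestamp"])  # when CloudWatch Logs received the event
        when = rfc3339nano(body["time"]) if "time" in body else cwl  # the event's own time
        system = "UNKNOWN" if table == "AWSGenericLog" else (body.get("source") or "AWS Internal")
        rows.append({
            "DATE": when[:10], "TIME": when[11:19], "SYSTEM": system, "TABLE": table,
            "COLLECTIONDATETIME": rfc3339nano(collected_ms), "CWLDATETIME": cwl, "DATETIME": when,
            "SNAREDATAMAP": {k: v for k, v in body.items() if k not in CLASSIFIED},
        })
    return rows

# Constructed sample: one subscription record carrying a made-up JSON event message.
SAMPLE_RECORD = make_record({
    "messageType": "DATA_MESSAGE", "owner": "123456789012",
    "logGroup": "/aws/vpc/flowlogs", "logStream": "eni-0abc",
    "logEvents": [{"id": "1", "timestamp": 1700000000123, "message": json.dumps(
        {"source": "eni-0abc", "action": "ACCEPT", "bytes": 840, "time": 1700000000000})}],
})
```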

...

Notes

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/introduction.html

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions.html

https://docs.aws.amazon.com/streams/latest/dev/introduction.html